Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
475
Views
0
Helpful
5
Replies

ASA 5520 implementation

Go to solution
binelipetrov
Level 1
Level 1

‎10-16-2007 11:20 PM - edited ‎03-11-2019 04:26 AM

Hi,

I have a question regarding ASA failover pair connection. Inside and outside interface (no DMZ) needs to be connected via L2 switch, and via LAN based cable. My question: is it possible to use the same switch for connecting ASA interfaces? Please look at attach file. Inside interfaces of both ASA is connected to ports in the same VLANs, an additional port (trunk) is connected to Cisco 6500 an OSPF is configured. Also, the sam is with outside interfaces of both ASAs.

Labels:
Preview file
42 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-16-2007 11:35 PM

Hi

Yes you can do this if you want to although i would question why you want to do this. The problem is you have redundant firewalls but only connecting to one switch so your catalyst 2960/3560 is now a single point of failure.

Seems wrong to have redundant firewalls hanging off one switch.

HTH

Jon

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to binelipetrov

‎10-17-2007 03:45 AM

Hi

Yes you are right it is still a single point of failure. The idea would be to have one inside interface to one switch and the other inside interface to another switch and the same for the outside.

You could if you wanted use the same physical switches and so you need 2 switches, each with 2 vlans although quite often designs often use separate switches for the outside interfaces.

It all depends on the level of redundancy you need.

Jon

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-16-2007 11:35 PM

Hi

Yes you can do this if you want to although i would question why you want to do this. The problem is you have redundant firewalls but only connecting to one switch so your catalyst 2960/3560 is now a single point of failure.

Seems wrong to have redundant firewalls hanging off one switch.

HTH

Jon

0 Helpful

Go to solution
binelipetrov
Level 1
Level 1
In response to Jon Marshall

‎10-17-2007 12:05 AM

OK, you are right, but what if we do that with two separate devices...for example, inside interfaces is connected two one switch, and outside in another...if something goes wrong with inside switch, nothing will work, it is still a single point of failure...same with outside switch...

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to binelipetrov

‎10-17-2007 03:45 AM

Hi

Yes you are right it is still a single point of failure. The idea would be to have one inside interface to one switch and the other inside interface to another switch and the same for the outside.

You could if you wanted use the same physical switches and so you need 2 switches, each with 2 vlans although quite often designs often use separate switches for the outside interfaces.

It all depends on the level of redundancy you need.

Jon

0 Helpful

Go to solution
binelipetrov
Level 1
Level 1
In response to Jon Marshall

‎10-17-2007 04:07 AM

yes, level of redundancy and amount of money that customer want to give..:) In this moment, thay have only one switch, so it was important for me to know if it is possible to implement that only with one switch. Thanks on answers

0 Helpful

Go to solution
fahim
Level 1
Level 1
In response to Jon Marshall

‎10-19-2007 11:16 PM

jon, is this possible to assign same subnet address to two inside interfaces on ASA 5520 sw v 7.2.2?

In order to use two ASAs in redundancy mode connected to two different L2 switches, this would be required so I was wondering if it's doable?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card